def run(self):
"""Run all processing modules and all signatures.
@return: processing results.
"""
# This is the results container. It's what will be used by all the
# reporting modules to make it consumable by humans and machines.
# It will contain all the results generated by every processing
# module available. Its structure can be observed throgh the JSON
# dump in the the analysis' reports folder.
# We friendly call this "fat dict".
results = {}
# Order modules using the user-defined sequence number.
# If none is specified for the modules, they are selected in
# alphabetical order.
modules_list = list_plugins(group="processing")
# If no modules are loaded, return an empty dictionary.
if not modules_list:
log.debug("No processing modules loaded")
return results
modules_list.sort(key=lambda module: module.order)
# Run every loaded processing module.
for module in modules_list:
result = self._run_processing(module)
# If it provided some results, append it to the big results
# container.
if result:
results.update(result)
# This will contain all the matched signatures.
sigs = []
# Run every loaded signature.
for signature in list_plugins(group="signatures"):
match = self._run_signature(signature, results)
# If the signature is matched, add it to the list.
if match:
sigs.append(match)
# Sort the matched signatures by their severity level.
sigs.sort(key=lambda key: key["severity"])
# Append the signatures to the fat dict.
results["signatures"] = sigs
# Return the fat dict.
return results
def run(self):
"""Run all processing modules and all signatures.
@return: processing results.
"""
# This is the results container. It's what will be used by all the
# reporting modules to make it consumable by humans and machines.
# It will contain all the results generated by every processing
# module available. Its structure can be observed throgh the JSON
# dump in the the analysis' reports folder.
# We friendly call this "fat dict".
results = {}
# Order modules using the user-defined sequence number.
# If none is specified for the modules, they are selected in
# alphabetical order.
modules_list = list_plugins(group="processing")
# If no modules are loaded, return an empty dictionary.
if not modules_list:
log.debug("No processing modules loaded")
return results
modules_list.sort(key=lambda module: module.order)
# Run every loaded processing module.
for module in modules_list:
result = self._run_processing(module)
# If it provided some results, append it to the big results
# container.
if result:
results.update(result)
# This will contain all the matched signatures.
sigs = []
# Run every loaded signature.
for signature in list_plugins(group="signatures"):
match = self._run_signature(signature, results)
# If the signature is matched, add it to the list.
if match:
sigs.append(match)
# Sort the matched signatures by their severity level.
sigs.sort(key=lambda key: key["severity"])
# Append the signatures to the fat dict.
results["signatures"] = sigs
# Return the fat dict.
return results
def initialize(self):
"""Initialize the machine manager."""
global mmanager
mmanager_name = self.cfg.cuckoo.machine_manager
log.info("Using \"%s\" machine manager", mmanager_name)
# Get registered class name. Only one machine manager is imported,
# therefore there should be only one class in the list.
plugin = list_plugins("machinemanagers")[0]
# Initialize the machine manager.
mmanager = plugin()
# Find its configuration file.
conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % mmanager_name)
if not os.path.exists(conf):
raise CuckooCriticalError("The configuration file for machine "
"manager \"{0}\" does not exist at path: "
"{1}".format(mmanager_name, conf))
# Provide a dictionary with the configuration options to the
# machine manager instance.
mmanager.set_options(Config(conf))
# Initialize the machine manager.
mmanager.initialize(mmanager_name)
# At this point all the available machines should have been identified
# and added to the list. If none were found, Cuckoo needs to abort the
# execution.
if mmanager.machines().count() == 0:
raise CuckooCriticalError("No machines available")
else:
log.info("Loaded %s machine/s", mmanager.machines().count())
def init_modules():
"""Initializes plugins."""
log.debug("Importing modules...")
# Import all processing modules.
import_package(modules.processing)
# Import all signatures.
import_package(modules.signatures)
# Import only enabled reporting modules.
report_cfg = Config(cfg=os.path.join(CUCKOO_ROOT,
"conf",
"reporting.conf"))
prefix = modules.reporting.__name__ + "."
for loader, name, ispkg in pkgutil.iter_modules(modules.reporting.__path__):
if ispkg:
continue
try:
options = report_cfg.get(name)
except AttributeError:
log.debug("Reporting module %s not found in "
"configuration file" % module_name)
if not options.enabled:
continue
import_plugin("%s.%s" % (modules.reporting.__name__, name))
# Import machine manager.
import_plugin("modules.machinemanagers.%s"
% Config().cuckoo.machine_manager)
for category, mods in list_plugins().items():
log.debug("Imported \"%s\" modules:" % category)
for mod in mods:
if mod == mods[-1]:
log.debug("\t `-- %s" % mod.__name__)
else:
log.debug("\t |-- %s" % mod.__name__)
def run(self, results):
"""Generates all reports.
@param results: analysis results.
@raise CuckooReportError: if a report module fails.
"""
# In every reporting module you can specify a numeric value that
# represents at which position that module should be executed among
# all the available ones. It can be used in the case where a
# module requires another one to be already executed beforehand.
modules_list = list_plugins(group="reporting")
# Return if no reporting modules are loaded.
if not modules_list:
log.debug("No reporting modules loaded")
return
modules_list.sort(key=lambda module: module.order)
# Run every loaded reporting module.
for module in modules_list:
self._run_report(module, results)
def initialize(self):
"""Initialize the machine manager."""
global mmanager
mmanager_name = self.cfg.cuckoo.machine_manager
log.info("Using \"%s\" machine manager", mmanager_name)
# Get registered class name. Only one machine manager is imported,
# therefore there should be only one class in the list.
plugin = list_plugins("machinemanagers")[0]
# Initialize the machine manager.
mmanager = plugin()
# Find its configuration file.
conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % mmanager_name)
if not os.path.exists(conf):
raise CuckooCriticalError(
"The configuration file for machine "
"manager \"{0}\" does not exist at path: "
"{1}".format(mmanager_name, conf))
# Provide a dictionary with the configuration options to the
# machine manager instance.
mmanager.set_options(Config(conf))
# Initialize the machine manager.
mmanager.initialize(mmanager_name)
# At this point all the available machines should have been identified
# and added to the list. If none were found, Cuckoo needs to abort the
# execution.
if mmanager.machines().count() == 0:
raise CuckooCriticalError("No machines available")
else:
log.info("Loaded %s machine/s", mmanager.machines().count())
